The National Institute of Standards and Technology releases a Log Management Planning Guide
October 25, 2023
The National Institute of Standards and Technology (“NIST”) is hugely influential in providing frameworks and setting out standards in the area of cyber security. It has no real peer. That does not mean it is given the credit it deserves by many practitioners. NIST has now released the Cybersecurity Log Management Planning Guide.
Log management is the process for generating, transmitting, storing, accessing, and disposing of log data. It facilitates log usage and analysis for such things as identifying and investigating cybersecurity incidents, finding operational issues, and ensuring that records are stored for the required period of time.
The guide aims to assist organizations in improving their cybersecurity log management practices.
The Abstract provides:
A log is a record of events that occur within an organization’s computing assets, including physical and virtual platforms, networks, services, and cloud environments. Log management is the process for generating, transmitting, storing, accessing, and disposing of log data. It facilitates log usage and analysis for many purposes, including identifying and investigating cybersecurity incidents, finding operational issues, and ensuring that records are stored for the required period of time. This document defines a playbook intended to help any organization plan improvements to its cybersecurity log management.
A log is a record of the events that occur within an organization’s computing assets, including physical and virtual platforms, networks, services, and cloud environments.
Log management:
- is the process for generating, transmitting, storing, accessing, and disposing of log data.
- facilitates log usage and analysis to identify and investigate cybersecurity incidents, find operational issues, and ensure that records are stored for the required period of time.
The guide sets out a plan for cybersecurity log management with actionable steps to improve log management practices. It intentionally avoids recommendations on the details of log management, because such processes vary from one organization to another and change frequently.
Logs are composed of log entries, and each entry contains information related to a specific event, which is an observable occurrence in a computing asset. Logs serve functions such as:
- optimizing system and network performance,
- recording the actions of users,
- providing data for investigating malicious activity,
- capturing system events and audit records,
- capturing application operational and security events, and
- recording routine events, adverse events, and possible malicious activity.
Log management is the process for generating, transmitting, storing, accessing, and disposing of log data. It facilitates an organization’s log usage and analysis. It helps ensure that records are stored in sufficient detail for an appropriate period of time. The continuous monitoring and analysis of logs are beneficial for identifying:
- security incidents,
- policy violations,
- fraudulent activity, and
- operational problems.
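As an added illustration, not taken from the NIST guide or from this post, the Python below walks through the analysis uses listed above on a handful of constructed syslog-style entries: one check each for a security incident (repeated failed logins from one source), a policy violation (successful logins outside permitted hours), and an operational problem (repeated application errors), followed by the disposal step of the lifecycle, a retention cut-off that decides which entries may be deleted. The log format, thresholds, permitted-hours window, and retention period are all assumptions chosen for the example, not values the guide prescribes.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Constructed sample entries (syslog-like, UTC timestamps). Not real data;
# the addresses are from documentation ranges.
SAMPLE_LOG = """\
2023-10-20T02:14:01Z host1 sshd: Failed password for admin from 203.0.113.7
2023-10-20T02:14:03Z host1 sshd: Failed password for admin from 203.0.113.7
2023-10-20T02:14:05Z host1 sshd: Failed password for admin from 203.0.113.7
2023-10-20T02:14:07Z host1 sshd: Failed password for admin from 203.0.113.7
2023-10-20T02:14:09Z host1 sshd: Failed password for admin from 203.0.113.7
2023-10-20T02:14:11Z host1 sshd: Accepted password for admin from 203.0.113.7
2023-10-20T09:30:00Z host1 sshd: Accepted publickey for alice from 198.51.100.5
2023-10-20T10:00:00Z host2 app: ERROR database connection timeout
2023-10-20T10:00:30Z host2 app: ERROR database connection timeout
2023-10-20T10:01:00Z host2 app: ERROR database connection timeout
2023-10-20T12:00:00Z host1 sshd: Failed password for alice from 198.51.100.5
2023-12-30T23:45:00Z host2 sshd: Accepted publickey for bob from 198.51.100.9
"""

# Assumed line layout: "<timestamp> <host> <program>: <message>".
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+): (.*)$")
FAILED_RE = re.compile(r"Failed password for (\S+) from (\S+)")
ACCEPTED_RE = re.compile(r"Accepted \S+ for (\S+) from (\S+)")


def parse_ts(text):
    """Parse an ISO-8601 UTC timestamp with a trailing Z into an aware datetime."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_log(text):
    """Turn raw lines into log entries, one per event, sorted by time."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # a real pipeline would count and alert on unparseable lines
        ts, host, program, message = m.groups()
        entries.append({"ts": parse_ts(ts), "host": host, "program": program, "message": message})
    return sorted(entries, key=lambda e: e["ts"])


def detect_bruteforce(entries, threshold=5, window=timedelta(minutes=1)):
    """Security incident: `threshold` or more failed logins for one (user, source) inside `window`."""
    recent = defaultdict(deque)  # (user, source) -> timestamps of recent failures
    flagged = []
    for e in entries:
        m = FAILED_RE.search(e["message"])
        if not m:
            continue
        key = m.groups()
        q = recent[key]
        q.append(e["ts"])
        while q and e["ts"] - q[0] > window:  # drop failures that fell out of the window
            q.popleft()
        if len(q) >= threshold and key not in flagged:
            flagged.append(key)
    return flagged


def detect_policy_violations(entries, allowed_hours=range(8, 18)):
    """Policy violation: successful logins outside the permitted UTC hours (assumed 08:00-17:59)."""
    violations = []
    for e in entries:
        m = ACCEPTED_RE.search(e["message"])
        if m and e["ts"].hour not in allowed_hours:
            violations.append((m.group(1), e["ts"]))
    return violations


def detect_operational_problems(entries, threshold=3):
    """Operational problem: one (host, program) logging ERROR `threshold` or more times."""
    counts = defaultdict(int)
    for e in entries:
        if e["message"].startswith("ERROR"):
            counts[(e["host"], e["program"])] += 1
    return {k: v for k, v in counts.items() if v >= threshold}


def apply_retention(entries, now_iso, retention_days):
    """Disposal step: split entries into those still inside the retention period and those due for disposal."""
    cutoff = parse_ts(now_iso) - timedelta(days=retention_days)
    keep = [e for e in entries if e["ts"] >= cutoff]
    dispose = [e for e in entries if e["ts"] < cutoff]
    return keep, dispose


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    print("brute force:", detect_bruteforce(entries))
    print("after-hours logins:", detect_policy_violations(entries))
    print("repeated errors:", detect_operational_problems(entries))
    keep, dispose = apply_retention(entries, "2024-01-15T00:00:00Z", 30)
    print(f"retained {len(keep)} entries, {len(dispose)} due for disposal")
```

The point of the retention helper is that disposal is a deliberate, dated decision rather than a disk-space accident; in practice the retention period comes from the organization's own policy and regulatory requirements, which is exactly the detail the guide leaves to each organization.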
Logs also support auditing and forensic analysis, an organization’s internal investigations, establishing baselines, verifying that assets operate as intended, and identifying operational trends and long-term problems.
The log management plan is informed by the activities that will use the logs to support security and operational decisions.
The publication provides a basis for cybersecurity log management planning. It provides actionable steps that organizations can take to plan improvements to their log management practices in support of recommended practices and regulatory requirements.